This section provides security advisories for WSO2 products and the security patches that address them. You can download security patches from WSO2 Security Patch Releases on our website. For information on applying a security patch, see WSO2 Patch Application Process.
Please note: according to WSO2 Vulnerability Management Process, public patches are released only for the latest version of a product, after giving a minimum of 4 weeks grace period for our subscription customers to first apply the fixes. Once a newer version of a product gets released, we discontinue providing patches for the previous version and start providing for the new one. Therefore, in order to continuously receive these freely provided security patches, you should migrate to the newer versions that we typically release every three to six month. In contrast, our subscription customers will continuously receive security fixes for the versions they are currently using, without having to migrate to newer versions and without any delays. The fixes will be delivered to them via the WSO2 Update Manager.
Following pages list the security advisories that we have released in each year: